THREATINT
PUBLISHED

CVE-2024-3652

IKEv1 default AH/ESP responder can cause libreswan to abort and restart



Assigner: libreswan
Reserved: 2024-04-11
Published: 2024-04-11
Updated: 2024-10-29

Description

The Libreswan Project was notified of an issue that causes libreswan to restart when IKEv1 is used without an esp= line specified. When the peer requests AES-GMAC, libreswan's default proposal handler hits an assertion failure, and libreswan crashes and restarts. IKEv2 connections are not affected.

Product status

Default status: unaffected

3.22: affected
5.0: unaffected

Timeline

2024-03-24: Issue reported publicly by GitHub user X1AOxiang via https://github.com/libreswan/libreswan/issues/1665
2024-03-27: Fix published in commit 03caa63de1e3 (as the issue was already public via the GitHub issue)
2024-04-10: Advance notice given to support customers and distributions
2024-04-12: CVE-2024-3652 published

Credits

GitHub user X1AOxiang (finder)

References

https://libreswan.org/security/CVE-2024-3652 (CVE-2024-3652) vendor-advisory

http://www.openwall.com/lists/oss-security/2024/04/18/2

cve.org CVE-2024-3652

nvd.nist.gov CVE-2024-3652
